With Windows Server 2008, Microsoft introduced Fine-Grained Password policies which utilizes a new Active Directory object called Password Settings Object (PSO). These objects allow you to more easily create and assign password policies to subsets of users, albeit with a bit of an unpolished implementation method compared to the old method via group policy (GPO). If…
Read On…
A few weeks ago, David K. Sutton posted his thoughts on passwords on this blog, and since I had coincidentally just finished trying to hack a password around that same time, I thought I might add and/or elaborate a little on what he said, and offer some real world context and numbers. WORKPLACE CRACK Someone…
Read On…
The Account Lockout Policy in Active Directory is not what it seems. Oh sure, at first glance it appears simple enough. Set a threshold, set a counter, and when that threshold is tripped in the allotted time, account locked out. What could be simpler right? Well, as with most things in IT, what should be simple isn’t….
Read On…
A guide for LAN Administrators who want to secure their systems without a user revolt. GOLDEN RULE OF PASSWORD CREATION: length + the uniqueness of your brain More on that in a moment. But first, if only we could trust our fellow human beings, there would be no need to secure our sensitive data. No need…
Read On…